‘Pegasus’ Spyware Infects Phones, Steals Photos, Secretly Films Owners

Several governments including Mexico, Morocco, and the United Arab Emirates stand accused of using spyware called “Pegasus” to infect and hack into both iPhones and Android smartphones. Once installed, it has full access to the device, including the ability to remotely and secretly activate the camera.

As reported by TechCrunch, a list of 50,000 phone numbers and surveillance targets — mostly journalists, activists, politicians, and business executives — was obtained by both Forbidden Stories — a Paris-based journalism nonprofit — and Amnesty International and shared with the likes of The Washington Post and The Guardian. Pegasus, spyware that was developed by the NSO Group, can access all of the data on an infected device including photo libraries. It can also secretly activate the cameras on the phone and record audio and video.

NSO Group is an Israeli technology firm founded in 2010 and is best known for its Pegasus spyware program. The spyware can be installed on both iPhones and Android smartphones through vulnerabilities that exist in commonly used apps or by tricking the target into clicking on a malicious link. It can infect a device through an SMS text, iMessage, WhatsApp, or even a range of other unknown app vulnerabilities, as described by The Guardian.

On that last note, one major challenge to combating the Pegasus spyware is that it exploits unknown vulnerabilities in either host devices or apps, making it extremely difficult or even impossible to prevent infection. Pegasus can be delivered to a device through what is known as a “zero-click” exploit, which does not require the target to click a link for the infection to succeed, because it takes advantage of an as-yet-undiscovered vulnerability in Apple’s current and most recent iOS software.

Once installed, Pegasus can theoretically do anything, from harvesting data to activating features like the microphone or camera. It can then send all that data back to the original attacker with the target being none the wiser.

According to the technical report, there are traces of successful attacks by Pegasus on iPhones running the most recent version of Apple’s iOS and the attacks were carried out as recently as July of 2021. Android devices are just as susceptible.

Lawyers for the firm told The Guardian that Amnesty International’s report was “a compilation of speculative and baseless assumptions,” but did not dispute any of the findings therein.

“NSO Group firmly denies false claims made in your report, many of which are uncorroborated theories that raise serious doubts about the reliability of your sources, as well as the basis of your story,” NSO’s lawyers told The Guardian.

Amnesty’s researchers have published an extremely detailed technical report and also created a toolkit that can help users identify if their devices have been compromised by Pegasus. The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices — as both are vulnerable to Pegasus — and searches for forensic traces on the host devices. It should be noted that the toolkit works more reliably on iPhones, as it is much harder to detect an infection on an Android device.

